httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Rasmussen <>
Subject Clarification on NameVirtualHost and VirtualHost sections
Date Sat, 22 Sep 2007 15:43:53 GMT

I'd supply a patch, but I don't know which of: ...
is appropriate.

I believe the statement:

  If a <VirtualHost> block does not contain a ServerName statement the hostname
  of the computer will be used.  
Should be added.  


It explains the default behavior.

If someone has a misconfigured VirtualHost it can possibly hijack the
configuration for the hostname defined VirtualHost.
Assume a configuration using
  Include /etc/apache2/sites-enabled/[^.#]*
that has a, perhaps vendor supplied, 000-default or default that does not
have a ServerName specified.  For example:

000-default or default file:
<VirtualHost *:80>
    # No Server Name definition
    DocumentRoot /var/www/
    # ... other directives

hostname.domain.tld file:
<VirtualHost *:80>
    ServerName hostname.domain.tld
    DocumentRoot /var/www/hostname
    # ... other directives

Contrary to their expectation the content stored at /var/www/hostname
would never be served.  Instead the content at the DocumentRoot defined
in the 000-default or default file would be served.

Note, this could happen with any configuration where the file for
a misconfigured VirtualHost is loaded before the one containing the
definition where ServerName equals `hostname`.

Thank you for considering this suggestion.

      Michael Rasmussen, Portland Oregon  
    Be appropriate && Follow your curiosity
  The fortune cookie says:
Excuse me, but didn't I tell you there's NO HOPE for the survival of

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message